gcleaner | 59bba11d5069ab5d7eb810cd75c59da534c97fa565428dff4ed8341b6e65a3ae | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

HEUR-Troja...3b6.7z

windows10-2004-x64

Sharing

General

Target

HEUR-Trojan-Downloader.Win32.Upatre.gen-431da2bfead5da6bfa24bf8ecd9a43863ff06f0ea5cf76f330d7359ade0b23b6.7z
Size

252KB
Sample

250302-zjb8nsvls3
MD5

72d78b59ad0456c64a76fa91a1c084e3
SHA1

c53539a0abf85c3df78a7f877609bf053ea2d466
SHA256

59bba11d5069ab5d7eb810cd75c59da534c97fa565428dff4ed8341b6e65a3ae
SHA512

ae84f6e00b55735319ad59651e7c87e928562ec4299786c748cc7bb15f071f0c748956dbde3df804ab1e7197365e7bc8e7986c03129f95a45d8e42f5dadadb55
SSDEEP

6144:fzQoKDUrMj+xSH78PB9dNKmCcxES227kRUYTgZLTok3DRrxevC:0o2UrMawbaBUXcxE/Q2U+gLTok3y6

Score

10^/10

gcleaner onlylogger discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

HEUR-Trojan-Downloader.Win32.Upatre.gen-431da2bfead5da6bfa24bf8ecd9a43863ff06f0ea5cf76f330d7359ade0b23b6.7z

Resource

win10v2004-20250217-en

gcleaner onlylogger discovery loader

windows10-2004-x64

18 signatures

120 seconds

Malware Config

Extracted

Family

gcleaner

C2

gcl-gb.biz

45.9.20.13

Targets

- Target
  
  HEUR-Trojan-Downloader.Win32.Upatre.gen-431da2bfead5da6bfa24bf8ecd9a43863ff06f0ea5cf76f330d7359ade0b23b6.7z
- Size
  
  252KB
- MD5
  
  72d78b59ad0456c64a76fa91a1c084e3
- SHA1
  
  c53539a0abf85c3df78a7f877609bf053ea2d466
- SHA256
  
  59bba11d5069ab5d7eb810cd75c59da534c97fa565428dff4ed8341b6e65a3ae
- SHA512
  
  ae84f6e00b55735319ad59651e7c87e928562ec4299786c748cc7bb15f071f0c748956dbde3df804ab1e7197365e7bc8e7986c03129f95a45d8e42f5dadadb55
- SSDEEP
  
  6144:fzQoKDUrMj+xSH78PB9dNKmCcxES227kRUYTgZLTok3DRrxevC:0o2UrMawbaBUXcxE/Q2U+gLTok3y6
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerdiscoveryloader

© 2018-2025

Terms | Privacy